Total
366449 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-5169 | 1 Powerportal | 1 Powerportal | 2026-06-16 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in John Himmelman (aka DaRk2k1) PowerPortal 1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to registering a user. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | |||||
| CVE-2006-5168 | 1 Simon Brown | 1 Pebble | 2026-06-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2006-5167 | 1 Basilix | 1 Basilix Webmail | 2026-06-16 | 5.1 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3. | |||||
| CVE-2006-5166 | 1 Php Web Scripts | 1 Easy Banner Free | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in functions.php in PHP Web Scripts Easy Banner Free allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter. | |||||
| CVE-2006-5165 | 1 Skrypty | 1 Ppa Gallery | 2026-06-16 | 5.1 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in inc/functions.inc.php in Skrypty PPA Gallery 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[ppa_root_path] parameter. | |||||
| CVE-2006-5164 | 1 Sum Effect Software | 1 Digishop | 2026-06-16 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum Effect Software digiSHOP 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sortBy or (2) search parameters. | |||||
| CVE-2006-5163 | 1 Ibm | 1 Informix Dynamic Server | 2026-06-16 | 3.6 LOW | N/A |
| IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly other versions creates /tmp/installserver.txt with insecure permissions, which allows local users to append data to arbitrary files via a symlink attack. | |||||
| CVE-2006-5162 | 1 Microsoft | 1 Internet Explorer | 2026-06-16 | 5.0 MEDIUM | N/A |
| wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows remote attackers to cause a denial of service (unhandled exception and crash) via a long Content-Type header, which triggers a stack overflow. | |||||
| CVE-2006-5161 | 1 Ibm | 1 Client Security Password Manager | 2026-06-16 | 6.4 MEDIUM | N/A |
| IBM Client Security Password Manager stores and distributes saved passwords based upon the title of a website, which allows remote attackers to obtain username and password credentials by changing the title of an HTML page. | |||||
| CVE-2006-5160 | 1 Mozilla | 1 Firefox | 2026-06-16 | 7.8 HIGH | 8.1 HIGH |
| Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher states that "I have no undisclosed Firefox vulnerabilities. The person who was speaking with me made this claim, and I honestly have no idea if he has them or not. | |||||
| CVE-2006-5159 | 1 Mozilla | 1 Firefox | 2026-06-16 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this issue, in which the researcher states that "we mentioned that there was a previously known Firefox vulnerability that could result in a stack overflow ending up in remote code execution. However, the code we presented did not in fact do this... I have not succeeded in making this code do anything more than cause a crash and eat up system resources" | |||||
| CVE-2006-5158 | 3 Canonical, Linux, Redhat | 6 Ubuntu Linux, Linux Kernel, Enterprise Linux Desktop and 3 more | 2026-06-16 | 3.3 LOW | 7.5 HIGH |
| The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock. | |||||
| CVE-2006-5157 | 1 Trend Micro | 1 Officescan | 2026-06-16 | 5.1 MEDIUM | N/A |
| Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in TrendMicro OfficeScan Corporate Edition (OSCE) before 7.3 Patch 1 allows remote attackers to execute arbitrary code via format string identifiers in the "Management Console's Remote Client Install name search". | |||||
| CVE-2006-5156 | 1 Mcafee | 2 Epolicy Orchestrator, Protectionpilot | 2026-06-16 | 10.0 HIGH | N/A |
| Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header. | |||||
| CVE-2006-5155 | 1 Videodb | 1 Videodb | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter. | |||||
| CVE-2006-5154 | 1 Deluxebb | 1 Deluxebb | 2026-06-16 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatefolder parameter. | |||||
| CVE-2006-5153 | 1 Kerio | 1 Personal Firewall | 2026-06-16 | 5.0 MEDIUM | N/A |
| The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which allows local users to cause a denial of service (crash) and possibly other impacts via unspecified vectors. | |||||
| CVE-2006-5152 | 1 Microsoft | 1 Internet Explorer | 2026-06-16 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL that is returned in a large HTTP 404 error message without an explicit charset, a related issue to CVE-2006-0032. | |||||
| CVE-2006-5151 | 1 Hp | 1 Hp-ux | 2026-06-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to "gain root access" via unspecified vectors. | |||||
| CVE-2006-5150 | 1 Openbiblio | 1 Openbiblio | 2026-06-16 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in the reports system in OpenBiblio before 0.5.2 allows remote attackers with report privileges to execute arbitrary SQL commands via unspecified vectors. | |||||
